Since Zeroshell 3.3.x upgrade , it’s no more possible to have internet access using a distant PPTP VPN gateway.
Access to private distant ressources is fully OK, but not access to the distant internet ressouces.
Acces using OpenVPN still remain OK (L2TP/IPsec not tested), but in any case (Android stock smartphone) PPTP is the only standard available VPN.
Rolling back to ZS 3.2.1 solves the internet access issue with PPTP.
small MTU broke packets,
in version 3.7.1 only 40-50% sites work fine (for pptp clients), another sites not work. And for openvpn mobile client, 50% sites not work if encryption enabled (in my network).
3 way to resolve problem:
1)script in zeroshell sheduler, every 1 min:
iptables -t mangle -I FORWARD -p tcp –tcp-flags SYN,RST SYN -j TCPMSS –clamp-mss-to-pmtu